ooterness

joined 2 years ago
sorted by: new top controversial old
NASA's Curiosity Rover Uncovers Trove of Yellow Crystals on Mars in c/technology
[–] ooterness 2 points 7 months ago (1 children)

Elerium-115?

Please don't ban me for posting classified documents in c/[email protected]
[–] ooterness 28 points 7 months ago

I assume this guide is for engaging the F-117 in midair hand-to-hand combat after you've leapt aboard. But in that case, where are you supposed to get dirt? Bring it with you, like some kind of peasant?? Just use your sword like a normal ninja.

Rokk in c/grimdank
[–] ooterness 23 points 7 months ago (1 children)

LOOK WHAT THOSE GITS NEED TO MIMIC A FRACTION OF OUR POWER.

Firefox added ad tracking and has already turned it on without asking you in c/[email protected]
[–] ooterness 3 points 7 months ago (1 children)

Sadly, Firefox mobile got rid of about:config, and I can't find any relevant options in the regular settings.

How old are you? in c/comicstrips
[–] ooterness 51 points 7 months ago (2 children)

Apparently, 78 or 81 is a perfect age to run for President.

Firefox added ad tracking and has already turned it on without asking you in c/[email protected]
[–] ooterness 52 points 7 months ago (4 children)

You can disable this "feature":

  1. Visit about:config

  2. Set "dom.private-attribution.submission.enabled" to false

Signal downplays encryption key flaw, fixes it after X drama in c/technology
[–] ooterness 1 points 7 months ago* (last edited 7 months ago) (1 children)

Sure, but there's still no excuse for "store the password in plaintext lol". Once you've got user access, files at rest are trivial to obtain.

You're proposing what amounts to a phishing attack, which is more effort, more time, and more risk. Anything that forces the attacker to do more work and have more chances to get noticed is a step in the right direction. Don't let perfect be the enemy of good.

Signal downplays encryption key flaw, fixes it after X drama in c/technology
[–] ooterness 8 points 7 months ago* (last edited 7 months ago) (3 children)

No, defense in depth is still important.

It's true that full-disk encryption is useless against remote execution attacks, because the attacker is already inside that boundary. (i.e., As you say, the OS will helpfully decrypt the file for the attacker.)

However, it's still useful to have finer-grained encryption of specific files. (Preferably in addition to full-disk encryption, which remains useful against other attack vectors.) i.e., Prompt the user for a password when the program starts, decrypt the data, and hold it in RAM that's only accessible to that running process. This is more secure because the attacker must compromise additional barriers. Physical access is harder than remote execution with root, which is harder than remote execution in general.

"Star Trek is woke now" in c/tenforward
Implementing RFC 3339 shouldn't really be that hard... in c/[email protected]
[–] ooterness 9 points 7 months ago (1 children)

UTC is better than most, but leap seconds are still awful. Computers should use GPS or TAI everywhere. Dealing with time zones and leap seconds is for human readability and display purposes only.

Signal under fire for storing encryption keys in plaintext on desktop app in c/[email protected]
[–] ooterness 29 points 7 months ago (1 children)

Full disk encryption doesn't help with this threat model at all. A rogue program running on the same machine can still access all the files.

Trump asks judge to gut classified documents case after immunity ruling in c/news
[–] ooterness 26 points 7 months ago (1 children)

I'm tired of having to choose between "Uvalde shooter" and "Uvalde cops" in every election. Fucking do something or get out of the way.

view more: ‹ prev next ›